How to speed up your website to improve user experience and top Google search results as well as reduce hosting costs by decreasing CPU usage

Slow websites cause two big problems: 1) Increased hosting costs and 2) Slow websites or pages will be penalized in Google’s search rankings because website performance measured by page load speed is now a big factor in Google’s search ranking.

I discovered the cost of hosting when your website starts to receive some real traffic. I received the dreaded e-mail that so many people receive from their hosting service that substantial traffic my websites receive cause tremendous CPU usage and I would have to upgrade my account. Site5.com wanted to increase my hosting fee to $123 per month (VPS4) and gave me three days to upgrade my account or move it elsewhere. The e-mail stated “We are having an emergency issue involving your account.” “Your average usage CPU time is 10.03% while the average CPU usage is 0.48% across our fleet.”

I looked around and found that $123 per month at Site5.com is a good price for what they offer (but see Hosting below for much faster hosting for half the price). I didn’t want to spend that money if it wasn’t necessary. Fortunately, Site5.com was patient and gave me more time to work on reducing my CPU usage. I worked on various ways to reduce CPU usage for three weeks and was successful in making a big difference. Site5.com “Server Health Department” wrote, “I pulled up your stats again and they are still a small amount over, but close enough that we can let it slide. As such we are marking this issue resolved now.”

On my hosting account, I run websites with plain HTML; PHP scripts; and some with WordPress. WordPress is a great content management system to build a website and/or blog but it is a heavy database user and can hog CPU time. I decided to implement several methods to optimize my websites, improve security and reduce CPU usage instead of paying $123 per month.

Webpagetest.org Run a free website speed test from multiple locations using IE; Chrome; and Firefox browsers at your chosen real consumer connection speed. You can choose from many different locations; different devices; and connection speeds. This test gives you very detailed information about what is slowing down your website.

How to run the speed test:

Choose the test location you want to test from

Choose the browser you want to test for

Click on the “Advanced Settings” arrow drop down and increase the number of tests to 5 or more up to 9 (since each test will always vary depending upon many factors such as internet connections and server demand, choosing 5 will give you an average speed.)

Hosting

After going through everything here to speed up my largest web site, which uses WordPress Multisite, I added hosting because it made a huge difference. Top10GoogleResults.com is on shared hosting at Site5.com which has good support and their shared hosting is fast but their VPS account was slower (shared accounts are usually faster because they give you more resources but if you use too much, they’ll kick you out.) They kicked out my WordPress Multisite and I took their VPS2 but it was real slow! Then they wanted me to go to VPS4 which is expensive. After a long search, I found WiredTree.com (now LiquidWeb) where I bought their least expensive pure SSD server. My site now seems about 5 times faster and it’s half the cost of Site5! They even have 24 hour telephone support. Update, my sites were moved to LiquidWeb which is even faster and has even better support.

DNS

Godaddy Premium DNS – promises faster performance and better reliability for your domain names at a low monthly price for an unlimited number of domain names. Easy to set up and comes with 24/7 tech support.

Caching

The two options I considered are WP-Super Cache and W3 Total Cache. I chose WP-Super Cache because it appeared easier to set up and some people were stating that it was better for a shared hosting environment although I suspect that was because W3 Total Cache was not set up properly. WP-Super Cache works well on my stand-alone WordPress sites but was causing numerous and serious headaches on my multisite installation. On WPMUDEV, I found Mark de Scande of www.bloglines.co.za and asked him to look at my problems. Mark removed Super Cache and installed Quick Cache which is working well without headaches.

Widget Caching

WP Widget Cache for WordPress will cache the output of your widgets and works with WP Super Cache.

Compression and Minifying

I tried using a performance speed booster for WordPress which will optimize and minify JS, CSS, and HTML. WP Performance Score Booster increased the website scores for Top10GoogleResults.com slightly and substantially on another website. WP Performance Score says it will speed-up page load times and improve website scores in website speed tests like PageSpeed, YSlow, Pingdom and GTmetrix.

CDN (Content Delivery Network)

A CDN will cache your website’s static files such as images, javascript, CSS and videos and deliver them to your site’s visitors so your hosting service doesn’t have to. A CDN will substantially speed up your website. I use Cloudflare which has an excellent free version and which provides much of the functionality of the Pro version. See Cloudflare’s post about speeding up WordPress. Incapsula also has a free plan but the free plan doesn’t have as many features as Cloudflare. Another popular and inexpensive CDN service is Amazon CloudFront. Another CDN which seems to have a good price for high volume users is NetDNA.

For WordPress, the plugin Use Google Libraries allows your WordPress site to use the content distribution network side of Google’s AJAX Library API, rather than serving these files from your WordPress install directly (Thanks to Bill Wood www.r3now.com for suggesting this plug-in.)

Security

Your SEO efforts can be compromised and your website can lose rank in Google if it gets hacked or your domain gets on an email blacklist. If your IP or domain is listed on a blacklist there is a high likelihood your customers may not be able to get your email. Knowing immediately when your website gets blacklisted is of critical importance to your website and business. Get free blacklist monitoring for your domain from MXToolbox.

Attempted botnet attacks against WordPress sites use substantial server resources and have frequently crashed my sites. The only botnet stopping plugin I found to work is a free plugin Botnet Attack Blockerwhich will lock out all admin login attempts from all IPs except white listed IPs when an attack starts and then automatically unlocks after the attack. Botnet Attack Blocker now works with WordPress Multisite, just change the default values and the same values will be set for all subsites. Read the reviews.

Other plugins like Limit Login Attempts state that it will “Limit the number of retry attempts when logging in (for each IP). (emphasis added)”. The problem is that botnet attacks can come from multiple IP addresses at the same time. If 5,000 computers each with a different IP address try to brute-force your admin password and are locked out after 5 incorrect attempts then 25,000 attempts were allowed and your server will crash. The Botnet Attack Blocker plugin ignores the different IP addresses and locks out all admin login attempts so those 1,000 different computers will only have a total between them of 5 incorrect attempts. The plugin can easily be configured to your likes in the settings. I used the default settings and white listed my IP so I can get in even during a bot net attack.

Captcha, a WordPress plugin says it allows you to implement a super security captcha form into your login and other areas you select using math logic. This may also help keeps bots from using CPU resources with login attempts.

and protects your website from spam by means of

Really good articles written to tell you how to prevent a successful attack and attempts:

Passwords: Use a different complicated password for every site you log into, whether it’s your own website or not. For my own web sites, I use passwords that are 17-18 characters long. I use www.LastPass.com to remember my user names and passwords and automatically log me into web sites. This is a good article about password security.

Usernames: Do not use the default login username such as Admin which is the default login username for WordPress. Just change it to something else. The username doesn’t have to be complicated like a password, just not the default and preferably not something common like Phil. Phil2006 is good.

wp-config Security Keys (only for WordPress): Make sure you are using all 8 unique keys and Salts in your wp-config file. These are a random array of letters, numbers and special characters. WordPress has a tool to create the keys and Salts. Just copy the keys and Salts from the tool page and paste in wp-config where you see (then upload wp-config with an FTP client like Filezilla):

Image Hot Linking — Prevent Bandwidth Theft

Other websites may link directly to your images, .js JavaScript files or CSS file to use your server’s bandwidth instead of their own, essentially using you as a free CDN. This robs you of not only performance but also money when you’re hosting company tells you that you need a more expensive plan because you’re using too much bandwidth or server resources. You can disallow hot linking on your server using your .htaccess file, so anyone attempting to hotlink to your site is blocked, producing a failed request, such as a broken image. See simple instructions to add the code to your .htaccess file. Another method is to use CloudFlare. Simply log into CloudFlare and click on the ScrapeShield tab and turn on Hotlink Protection.

Image Optimization

Decreasing the file size of images by optimizing your images is a must. You should optimize images before uploading to your website. Read everything you could want to know about image optimization at Google. There are plugins for WordPress which can optimize images automatically, but I don’t want to add another plugin which will further bloat and slow the database. I was using ImageOptimizer a free download and did a great job of substantially reducing images without any noticeable reduction in quality but I can’t get it to run in Win 7. Other stand-alone image optimization applications are: ImageOptim; RIOT; JPEGMini; ImageAlpha; pngquant; and TinyPNG. I use RIOT.

ImageOptim says “How does ImageOptim compare to TinyPNG and JPEGMini?” Tools like ImageAlpha/pngquant/TinyPNG and JPEGMini can make files much smaller using lossy compression which (slightly) lowers image quality. ImageOptim is lossless — it compresses image files without affecting quality. For best results you should first compress images using a lossy tool and then apply ImageOptim for even better compression.” You can also use online Smush.it™ from Yahoo which is lossless.

Optimizing the Database

This guide will show you how to easily optimize the database using phpMyAdmin. For a WordPress database, there are a couple of popular plug-ins. WP-Optimize will automatically clean up your WordPress database and optimize it without phpMyAdmin and will also remove page revisions. WP-DBManager is another plugin to optimize, repair, backup and restore your database. This article provides two other plug-ins and information about optimizing or repairing a WordPress database. Another article about optimizing a WordPress database and 3 plugins. I do it manually using phpMyAdmin.

Blocking Foreign IP Addresses

A substantial amount of traffic comes from foreign countries. Some of that traffic are legitimate visitors but much of it consists of spammers. I have no need for foreign visitors or spam so I was interested in blocking all foreign visitors. Not only does this substantially decrease usage but it substantially decreases spam comments and other types of spam submissions.

With WordPress, I use a free plug-in called iQ Block Countries. For non-WordPress sites, I found Power Redirector 2 which I have not tried. I’m now using the premium version of Wordfence on my multisite (see Security above) which allows you to easily block all the countries you want.

Comments

Reducing comment spam will reduce server load. A substantial amount of comment spam results from pingback and trackback notifications which occur when a spam site links back to your content. I turn off pingback and trackback notifications. You should turn of these off now but if you already have content, you will have to go to each post or page which was already created. In WordPress, go to Settings >Discussion and uncheck “Allow link notifications from other blogs (pingbacks and trackbacks). While here, uncheck “Attempt to notify any blogs linked to from the article”.

Stopping spam bots from submitting automatic comments will have a significant impact upon reducing CPU usage. There are quite a few plugins for WordPress but a couple of interesting ones appear to be Growmap Anti Spambot Plugin (free) which “adds a client side generated checkbox to your comment form asking users to confirm that they are not a spammer (I’m using it here). It is a lot less trouble to click a box than it is to enter a captcha and because the box is genereated via client side javascript that bots cannot see, it should stop 99% of all automated spam bots.” A captcha plugin which was recommended by my hosting company is Spam Captcha which states that it also works with WordPress Multisite.

Another method of reducing CPU usage and speeding up your website is to offload the work for commenting. After doing a lot of reading, I decided to go with IntenseDebate but stopped because I received 9 thousand spam comments and thought I would try anti-spam plugins. Try it out below and leave your comment about Intense Debate, other commenting systems or any other server resource saving ideas you have. You can read more about Intense Debate here.

WordPress Page & Post Revisions

If you’re using WordPress, you may not know it but WordPress is constantly saving versions of your pages and posts when you are working on them. I just looked on a friend’s WordPress site and found that he had in the neighborhood of 50 revisions saved on his pages and posts and I found 505 revisions on a page on one of my websites. This will increase the size of your database. Revision Control is a really nice free plug-in that allows you to control how many of these revisions you want saved. After installing the plug-in, the default setting is set to unlimited revisions for both pages and posts, so you need to go into the settings and change it. I set mine to “Do not store Revisions”. Better Delete Revision is another free plugin.

WordPress Cron Control

Even after doing a lot of the optimization listed here, my websites continue to receive a lot of traffic which resulted in another e-mail from my hosting company stating ” Unfortunately upon checking the usage we are still seeing it too high for a shared hosting environment. Checking the logs further it is do to the wp-cron execution.” I installed WP-Cron Control (free) which seems to have made a big difference. After installing WP-Cron Control and optimizing the database, I received another e-mail from my hosting company stating that my CPU usage had gone down significantly.

Google bot and other search engine bots have been constantly indexing wp-signup.php for every subsite on my Multisite which crashed the server. This can also help single WordPress sites. I uploaded a robots.txt file to the public_html directory on the server to stop this. Just create a .txt and name it robots.txt. Copy and paste in the file, the following:

WordPress Multisite

One of my websites is using WordPress Multisite to create websites for lawyers. This site was responsible for the majority of my CPU usage although it was only running 291 subsites and most of those had only two pages. The more websites running off of WordPress Multisite, the larger the database. So, I got rid of splogs and split the database.

Splogs: use up a lot of server resourses. Reduce the number of splog site registrations with either of these two plugins: WangGuard (free for sites earning under $200 per month) or Anti-Splog (free)

Database: I installed the Multi-DB plugin from WPMUDEV to split the database into 16 separate databases. Multi-DB substantially reduced CPU usage and also sped up the websites. I decided to pay someone to install Multi-DB for me because I did not want to spend the time to learn how to install it or the time to actually do it. If you want someone to do it for you, let me know and I can recommend someone who I found to be very reliable, knowledgeable and inexpensive. Multi-DB is a WordPress plug-in available with a paid membership from WPMUDEV but it’s well worth it to save on hosting fees and speed up the websites.

A free plug-in, called shardb, to accomplish the same thing but in a different manner was designed by Ron Rennick. Ron and his wife Andrea are well-known in the WordPress community and I have used Andrea to help me with LawFirm911.com™. I highly recommend them and I am sure that shardb works well but I went with Multi-DB because the person I used to install it was only familiar with Multi-DB. It’s apparently easy to switch from Multi-DB to shardb at any time so I have that option but Multi-DB is working very well and I like the idea of a paid plug-in because I know it will continue to be well supported.

If you have even a small WordPress Multisite installation or are planning a new installation, I recommend using Multi-DB or shardb which will very quickly save you a substantial amount every month on hosting fees. The side benefit of speeding up your websites will help to keep the websites in the top Google results. One caveat is that I was previously using BackupBuddy to back up the entire multisite installation and cannot do that any longer. BackupBuddy says that they will support Multi-DB soon but I don’t know when. In the meantime, I have been manually downloading 16 databases which is a pain in the neck. Until I find a backup solution, I would prefer one database with higher hosting costs.

Deleting Plugins: I have a lot of plugins installed and some of them are duplicative or not necessary. Plugins utilize the database and CPU usage, so eliminating plug-ins will reduce CPU usage. The problem is that I don’t know which plug-ins are not being used. These plugins are useful for checking to see which plugins are not being used at all so that you can deactivate those as needed or determine plugin popularity: Multisite Plugin Stats (now shows which plugins are installed on each subsite in Multisite); WPMU Plugin Stats; Network Plugin Auditor. Read How To Clean Up Unused Plugins in WordPress Multisite.

WordPress Speed Analysis Tools:

P3 (Plugin Performance Profiler) – See which plugins are slowing down your site. This plugin creates a report for your site’s plugins’ performance by measuring their impact on your site’s load time. WordPress sites often load slowly because of poorly configured plugins or because there are so many of them. By using the P3 plugin, you can narrow down the plugins causing your site to run slow. I was surprised to find two plugins that are CPU hogs, Formidable Pro and AddThis.

TPC! Memory Usage plugin allows WordPress administrators to view the current and peak memory usage of the application.

After spending some time to optimize my websites for faster loading and decreased CPU usage, I received an e-mail from my hosting company stating that I am now ok. The added benefit of speeding up your website is helping to keep it in the top Google results.